Penetration Testing - Burp Suite Overview

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello everyone now let's talk about Bob sweet so Bob sweet is one of the most popular security testing tool so we can use Bob sweet in order to intercept our HTTP requests which is going out through our web browser so Bob sweet contains different different tabs and each and different tab contains different different functions so the Bob suite contains tabs like proxies intruders scanners so the proxy tab is used for intercepting our requests and it's a proxy function so integral tab contains a different different attacks which we can perform on a remote website like we want to perform a dictionary attack brute force attack and the scanner module or scanner tab in Bob suite is used for scanning particular website and its vulnerability there is one more interesting tab in Bob suite called as decoder so the decoder contains different kind of functions which we can use in order to decode a particular thing like URL decode basic tifo decode so Bob suite is available in two versions pro and free so the in kali linux the Bob suite is already install and it's a free version and if you are a penetration tester so you can use Bob suite as a pro version because it contains more feature than free one so Bob suite is freely available for Linux Mac and Windows now let's see how we can intercept our HTTP request by using Bob suite now let's see that how we can use burp suite inside Kali Linux and windows so by default the Bob suite is installed in Kali Linux and if we are looking to use Bob suite in Windows then you can download from their official website and right now you can see that I am inside my Kali Linux instance and on the left hand side you will see this icon so this is the Bob suite so let me just click over hit and you can see it's a Bob suite free edition so I'm using Bob suite free edition so when the first time you will use the Bob suite so it asked us for this temporary project and/or if you want to create a new project so click on next use Bob defaults and start Bob so this is how the Bob Suite menu looks like here you can see the different different tabs and they have different different functions like proxy tab is used for intercepting our request then spider used for crawler crawling the website scanning the website intruder is used for performing different attacks brute force attack can different password guessing attacks the repeater is used to repeat our request then decoder is used to decode the strings like basics T for decode and URL encoding URL decoding then there are some another options so right now we are just interested on this option proxy because we want to intercept our request which is going out from our browser and once we are here in this tab proxy click on this options and here you can see that our Bob suite is up and running on this IP 127.0.0.1 that's a local host and port is 8080 now what we have to do is we have to configure our browser now let me open this Firefox browser so in order to configure the browser we have to go here preference then advanced and here is the network settings so we have to configure the network settings and here so by default when you will just open the settings it will just like this you system proxy so we have to click over here manual proxy configuration and we have to fill the IP address of the Bob suite along with its port number and we have to select this use this proxy server for all protocols click on OK ok now our Bob suite has been configured now every request which will go out from our browser will first go to the Bob suite and there we can intercept our request and if we want to do some modification we can then we can forward the request to the server now just for example let me just intercept this request tutorialspoint.com and here you can see I have requested tutorialspoint.com and it's waiting now let me open my Bob suite and okay this one is the request of clients dot Google com let me just forward it up okay and here you can see the entire request so HTTP method is get it's an HTTP version host is tutorialspoint.com and here you can also check the user agent and if you just click on headers you can see here the header name and its value and if you just want to see the hex value of this request so here is the hex value and if you just click on forward then it will forward our request otherwise you will just click on drop then it will here you can see that our request is dropped by user Bob sweet error now by default the Bob sweet is configured to intercept the request which is using HTTP protocol now what if if a particular website is running on HTTPS then our Bob suite will unable to intercept the request so to configure the Bob suite to intercept the HTTP request so what we can do is we have to install Bob Suites our certificate so in the URL bar just write down HTTP but hit enter and here you can see the Bob sweet menu and on the right hand side at the top you can see here see a certificate so click on this link and here is the Bob certificate so just save this file and open this file so this is the Bob sweet certificate you can see here so and if you just want to look at the detail you can so this certificate is verified and issued by ports figure which is the company that maintains the Bob sweet and if I scroll down you can see the issuer name issuer country then certificate serial number certificate fingerprints along with it hashes and here you can see the fingerprint of public key now just click on import and we have two right here password okay click on OK and here you can see that our certificate is successfully imported let me just close the certificate now and let me just write here tutorial smart again let me just forward is forward this request ok here you can see it still HTTP request no HTTP here you can see it says TTP but forward this and it will be redirected to the HTTPS you have to wait for a time being okay so this will give this error so click on advanced and add exception click on confirm security exception and now here you can see that our Bob suite can intercept HTTP traffic here you can see the HTTPS along with this lock sign and if you just want to look at its header you can click on forward and here is the HTTP website so the same thing you can do in order to intercept the request of Facebook or any other social website or any other website which running on HTTPS and here if you just go to STP history you can see the our recent stdp request which was made by the user so let me just turn off it intercept and close the Bob suite so once we close a Bob suite and if I just open any web site you will see the proxy service is refusing the connections so this we will see this error whenever Bob speed is not running so we have to change our settings again back to use system proxy now this will work here you can see despite the short introduction of Bob sweet so thanks for watching this video

Info

Channel: Tutorials Point (India) Ltd.

Views: 36,813

Rating: undefined out of 5

Keywords: Web Application Penetration Testing, Testing Security, Testing, Penetration Testing - Burp Suite Overview, Burp Suite Overview

Id: _XUQ7etMCT8

Channel Id: undefined

Length: 9min 15sec (555 seconds)

Published: Wed Jan 17 2018